DETAILED ACTION 

1. The reply filed 7 February 2006 has been received and entered. Claims 1-22 are 
pending. 

Information Disclosure Statement 

2. The HAUGH and SHANKAR references cited in the Information Disclosure 
Statement filed 10 February 2006 were already cited by the examiner with the previous 
Office action. 

Response to Amendment 

3. Applicant's replacement drawings and amendments to the specification 
appropriately address the objections to the drawings and specification as detailed in the 
previous Office action. Accordingly, these objections are withdrawn. 

4. Applicant's amendment to claim 11 appropriately addresses the objection to claim 
11 as detailed in the previous Office action. Accordingly, this objection is withdrawn. 

5. Applicant's amendment to claim 17 appropriately addresses the rejection of claim 
17 under 35 U.S.C. § 112, second paragraph, as detailed in the previous Office action. 
Accordingly, this rejection is withdrawn. 

6. Applicant's amendments to claims 1-17 do not appropriately address the rejection 
of claims 1-17 under 35 U.S.C. § 101. Accordingly, this rejection is maintained as set 
forth below. 

Response to Arguments 

7. Applicant's arguments filed 7 February 2006 have been fully considered but they 
are not persuasive. 
It is noted that, contrary to Applicant's assertion (Remarks at pp. 9-10), the claims 
have not been amended to include the generation of a report which ranks the 
vulnerabilities as a function of the analysis. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., the use of compiler techniques, as opposed to constraint language and formal 
methods; and the method/utility not being part of the compiler for the program that is 
being analyzed) are not recited in the rejected claim(s). Although the claims are 
interpreted in light of the specification, limitations from the specification are not read into 
the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
Applicant's arguments with regard to claims 1, 15, and 16 fail to comply with 37 
CFR 1.111(b) because they amount to a general allegation that the claims define a 
patentable invention without specifically pointing out how the language of the claims 
patentably distinguishes them from the references. 

The merits of new claims 18-22 are addressed separately as set forth below. 

Claim Rejections - 35 USC § 101 

8. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office action. 

9. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Application/Control Number: 10/825,007 Page 4 

Art Unit: 2192 

A claim that requires one or more acts to be performed defines a process. 
However, not all processes are statutory under 35 U.S.C. § 101. To be statutory, a 
claimed process must either: (A) result in a physical transformation for which a practical 
application is either disclosed in the specification or would have been known to a skilled 
artisan, or (B) be limited to a practical application which produces a useful, tangible, and 
concrete result. See Diamond v. Diehr, 450 U.S. 175, 183-84, 209 USPQ 1, 9 (1981) 
(quoting Cochrane v. Deener, 94 U.S. 780, 787-88 (1876)) ("A [statutory] process is a 
mode of treatment of certain materials to produce a given result. It is an act, or a series of 
acts, performed upon the subject-matter to be transformed and reduced to a different state 
or thing .... The process requires that certain things should be done with certain 
substances, and in a certain order; but the tools to be used in doing this may be of 
secondary consequence."). See also In re Alappat, 33 F.3d 1526, 1543, 31 USPQ2d 
1545, 1556-57 (quoting Diehr, 450 U.S. at 192, [209 USPQ at 10]). 

In State Street, the Federal Circuit examined some of its prior section 101 cases, 
observing that the claimed inventions in those cases were each for a "practical application 
of an abstract idea" because the elements of the invention operated to produce a "useful, 
concrete and tangible result." State St. Bank & Trust v. Signature Fin. Group, 149 F.3d 
1368, 1373-74, 47 USPQ2d 1596, 1601-02 (Fed Cir. 1998). For example, the court in 
State Street noted that the claimed invention in Alappat "constituted a practical 
application of an abstract idea (a mathematical algorithm, formula, or calculation), 
because it produced 'a useful, concrete and tangible result' — the smooth waveform." Id. 
Similarly, the claimed invention in Arrhythmia "constituted a practical application of an 
abstract idea (a mathematical algorithm, formula, or calculation), because it corresponded 
to a useful, concrete and tangible thing — the condition of a patient's heart." Id. (citing 
Arrhythmia Research Tech. v. Corazonix Corp., 958 F.2d 1053, 22 USPQ2d 1033 (Fed. 
Cir. 1992)). 
In determining whether the claim is for a "practical application," the focus is not 
on whether the steps taken to achieve a particular result are useful, tangible and concrete, 
but rather that the final result is "useful, tangible and concrete." The Federal Circuit 
further ruled that it is of little relevance whether a claim is directed to a machine or 
process for the purpose of a § 101 analysis. AT&T Corp. v. Excel Commc'ns, 172 F.3d 
1352, 1358, 50 USPQ2d 1447, 1451 (Fed. Cir. 1999). 

Data structures not claimed as embodied in computer-readable media are 
descriptive material per se and are not statutory because they are not capable of causing 
functional change in the computer. See, e.g., In re Warmerdam, 33 F.3d 1354, 1361, 31 
USPQ2d 1754, 1760 (claim to a data structure per se held nonstatutory). Such claimed 
data structures do not define any structural and functional interrelationships between the 
data structure and other claimed aspects of the invention which permit the data structure's 
functionality to be realized. In contrast, a claimed computer-readable medium encoded 
with a data structure defines structural and functional interrelationships between the data 
structure and the computer software and hardware components which permit the data 
structure's functionality to be realized, and is thus statutory. 

Similarly, computer programs claimed as computer listings per se, i.e., the 
descriptions or expressions of the programs, are not physical "things." They are neither 
computer components nor statutory processes, as they are not "acts" being performed. 
Such claimed computer programs do not define any structural and functional 
interrelationships between the computer program and other claimed elements of a 
computer which permit the computer program's functionality to be realized. In contrast, 
a claimed computer-readable medium encoded with a computer program is a computer 
element which defines structural and functional interrelationships between the computer 
program and the rest of the computer which permit the computer program's functionality 
to be realized, and is thus statutory. See In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 
1031, 1035. 

With regard to claims 1-15 and 18-21, the addition of the words "computer 
implemented" to the first line of each claim is insufficient to render the claims statutory 
processes eligible for patent protection because the qualifier "computer implemented" 
does not imply a practical application which produces a useful, tangible, and concrete 
result. Further, the generation of a report that identifies vulnerabilities is insufficient to 
define a practical application because the report is not a tangible result. 

With regard to claims 16, 17, and 22, these claims recite descriptive material, per 
se. These claims do not define the structural and functional interrelationships between 
the recited elements and other aspects of a computer system that would permit the 
functionality to be realized. Claims 16, 17, and 22 are not, for example, recited as 
computer-readable media encoded with executable instructions for carrying out the 
recited functionality (which would be statutory). 

Claim Rejections - 35 USC § 112 

10. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

11. Claims 1-22 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 
Applicant has amended independent claims 1 and 15 to recite, "a pre-existing 
source code listing, stored in computer readable medium having computer executable 
instructions, said source code having an inherent control flow and an inherent data flow 
during the computer execution thereof . . . ." Because a source code listing is typically 
understood to be a non-executable human-readable document containing program 
instructions written in a high-level language (as opposed to a computer-executable 
machine code format), it is unclear what Applicant means by storing such a listing in a 
medium with computer-executable instructions, and it is likewise unclear what Applicant 
means by "the computer execution thereof." While source code may be readily converted 
to a computer-executable format through compilation, it is unclear whether the 
limitations in the bodies of the claims define acts carried out on non-executable source 
code, executable machine code (which is not source code), or some combination of the 
two. 

Further, it is unclear what is meant by the phrase "computer-executable variables" 
in line 6 of claim 1, as variables do not, per se, provide executable functionality. 

Claim Rejections - 35 USC § 102 

12. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office action. 

13. Claims 1-16, as best understood, are rejected under 35 U.S.C. 102(b) as being 
anticipated by David Wagner, et al., "A First Step Towards Automated Detection of 
Buffer Overrun Vulnerabilities," Proceedings of the Network and Distributed System 
Security Symposium, Feb. 2000, (hereinafter Wagner et al). 
As per claims 1, 15, and 16, Wagner et al discloses analyzing variables in source 
code in the context of at least one of the inherent control flow and inherent data flow and 
creating models therefrom in which each model specifies pre-determined characteristics 
about each variable (see, for example, section 1.1); using the variable models to create 
models of arguments to routine calls in the source code (see, for example, sections 1.1 
and 3); using the argument models in conjunction with pre-specified criteria for the 
corresponding routine calls to determine whether the routine calls possess vulnerabilities 
as a consequence of the arguments and known routine behavior (see, for example, 
sections 1.1 and 4); and generating a report that identifies the vulnerabilities (see, for 
example, Fig. 5). 

As per claim 2, Wagner et al further discloses the models specifying the memory 
size of a variable (see, for example, sections 1.1 and 3). 

As per claim 3, Wagner et al further discloses the models specifying the data size 
of a variable (see, for example, sections 1.1 and 3). 

As per claim 4, Wagner et al further discloses the models specifying whether the 
variable is a null terminated string or not null terminated string for variables of string 
value type (see, for example, sections 1.1 and 3). 

As per claim 5, Wagner et al further discloses the models specifying the type of 
memory of a variable (see, for example, sections 1.1 and 3). 

As per claim 6, Wagner et al further discloses the models specifying the value of 
a string for variables that are of a string value type (see, for example, sections 1.1 and 3). 

As per claim 7, Wagner et al further discloses the models specifying the origin of 
the data for a variable (see, for example, sections 1.1 and 3). 
As per claim 8, Wagner et al further discloses the models specifying 
characteristics of variable arguments (see, for example, sections 1.1 and 3). 

As per claim 9, Wagner et al further discloses the models specifying 
characteristics of expression arguments (see, for example, sections 1.1 and 3). 

As per claim 10, Wagner et al further discloses the models being specified as 
lattices (see, for example, sections 2 and 3). 

As per claim 11, Wagner et al further discloses the lattice values including at 
least one of a value to represent no knowledge, a value to represent inconsistent 
knowledge, and a value to represent a refinement of knowledge (see, for example, 
sections 2 and 3). 

As per claim 12, Wagner et al further discloses the value to represent a 
refinement of knowledge including values to specify a range of specific values (see, for 
example, sections 2 and 3). 

As per claim 13, Wagner et al further discloses the pre-specified criteria for the 
corresponding routine including rules about the semantic behavior of the routine (see, for 
example, sections 1.1 and 3). 

As per claim 14, Wagner et al further discloses the vulnerabilities being buffer 
overflows (see, for example, section 1.1). 
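As an added illustration of the analysis described above (variable models, lattice values for no knowledge, inconsistent knowledge and ranges, argument models checked against a routine criterion, and a report of the resulting vulnerabilities), the following Python sketch is supplied here; it is not code from the application, the Examiner, or Wagner et al, and the program facts it checks are constructed.

```python
"""Range-lattice check for string routine calls: an added illustration, not
code from the application, the Examiner, or Wagner et al. Each string gets
two lattice values, its allocated size and its current length, as ranges."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

INF = float("inf")


@dataclass(frozen=True)
class Range:
    """Lattice element for an integer quantity.
    lo > hi      : bottom, "no knowledge" yet
    (-inf, inf)  : top, arbitrary/"inconsistent" knowledge
    otherwise    : refinement, the quantity lies within [lo, hi]"""
    lo: float
    hi: float

    def is_bottom(self) -> bool:
        return self.lo > self.hi


BOTTOM = Range(INF, -INF)
TOP = Range(-INF, INF)


def join(a: Range, b: Range) -> Range:
    """Least upper bound: merges the facts reaching a point from two paths."""
    if a.is_bottom():
        return b
    if b.is_bottom():
        return a
    return Range(min(a.lo, b.lo), max(a.hi, b.hi))


def strcpy_verdict(dst_alloc: Range, src_len: Range) -> str:
    """Criterion for strcpy(dst, src): it writes len(src)+1 bytes into dst."""
    if src_len.is_bottom() or dst_alloc.is_bottom():
        return "unknown"            # no facts about one operand
    if src_len.hi + 1 <= dst_alloc.lo:
        return "safe"               # longest source fits the smallest buffer
    if src_len.lo + 1 > dst_alloc.hi:
        return "overflow"           # shortest source exceeds the largest buffer
    return "possible-overflow"      # ranges overlap: flag for review


def report(alloc: Dict[str, Range], length: Dict[str, Range],
           calls: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """List every strcpy call whose argument models fail the criterion."""
    return [(f"strcpy({d}, {s})", strcpy_verdict(alloc[d], length[s]))
            for d, s in calls if strcpy_verdict(alloc[d], length[s]) != "safe"]


# Constructed facts for a hypothetical program (not drawn from any real code).
ALLOC = {"buf": Range(64, 64), "name": Range(16, 16), "tmp": Range(8, 32)}
LENGTH = {"greeting": Range(5, 5),                    # "hello"
          "userinput": TOP,                           # unbounded network input
          "label": join(Range(3, 3), Range(20, 20)),  # 3 or 20 chars, two paths
          "banner": Range(40, 40)}
CALLS = [("buf", "greeting"), ("name", "userinput"), ("tmp", "label"), ("name", "banner")]
```

Calling `report(ALLOC, LENGTH, CALLS)` yields the three non-safe calls; the unbounded `userinput` and the two-path `label` are flagged as possible overflows, while `banner` into `name` is reported as a definite overflow.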

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
15. Claims 17-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wagner et al in view of John Viega, et al., "ITS4: A Static Vulnerability Scanner for C 
and C++ Code," 2000 (art of record; hereinafter Viega et al). 

Regarding claims 17-19, Wagner et al fails to expressly disclose using a database 
having computer readable information about a predefined set of source code routine calls, 
said information specifying one or more conditions that present a vulnerability during 
execution of the routine call; and using the database to retrieve information for a 
corresponding routine call to check for the specified condition to see whether the routine 
call presents a vulnerability. However, Viega et al teaches that it is beneficial to use a 
database of vulnerabilities, including a description of possible problems, hints on how to 
tell if there really is a problem, and suggested fixes, and to compare a token stream based 
on source code with the database to detect vulnerabilities (see, for example, sections 2, 
4.1, and 4.2). Therefore, it would have been obvious to one of ordinary skill in the 
computer art at the time the invention was made to use such a database to facilitate the 
detection of vulnerabilities. One would be motivated to do so to maintain expert 
knowledge regarding vulnerabilities in a format that can be easily modified. 

16. Claims 18-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wagner et al in view of David Larochelle and David Evans, "Statically Detecting Likely 
Buffer Overflow Vulnerabilities," 2001 (art of record; hereinafter Larochelle et al). 

Regarding claims 18-21, Wagner et al fails to expressly disclose identifying the 
location in the source code listing where the vulnerability occurred. However, Wagner et 
al clearly indicates that such a feature would be desirable (Wagner et al. at p. 11), and 
Larochelle et al. teaches providing such vulnerability location information (see, for 
example, the representative output in section 4.1 of Larochelle et al, describing a 
vulnerability (possible out-of-bounds store) at line 1112 of source code file ftpd.c). 
Therefore, it would have been obvious to one of ordinary skill in the computer art at the 
time the invention was made to provide such a vulnerability location feature as taught by 
Larochelle et al. in order to gain the advantage of knowing which statement in a source 
code file is at fault for a particular vulnerability. 

Conclusion 

17. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

18. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Eric B. Kiss whose telephone number is (571) 272-3699. 
The Examiner can normally be reached on Tue. - Fri., 7:00 am - 4:30 pm. The Examiner 
can also be reached on alternate Mondays. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Tuan Dam, can be reached on (571) 272-3695. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Any inquiry of a general nature should be directed to the TC 2100 Group 
receptionist: 571-272-2100. 



EBK /g&K 
May 12, 2006 